Hello, I think I found a bug in l2tp + ip sec. When we create a password on the ipsec server, and if we change this password then the client connects normally even if the connection is closed (disconnected). The client even being with the password of the wrong ipsec will connect automatically, it only happens to stop connecting, when in the peer option of the ipsec server we give a disable / enable in the peer. Would not the customer with the wrong password stop connecting when we overturned his connection ?
Which of the two devices is Mikrotik? The client, the server, both?
Which password have you changed and where? The “shared secret” (used in the IPsec layer) or the password of the individual user (used in the l2tp layer)?
Both are normally checked only when establishing the connection, not when it is running. So if you change any of the two passwords, the affected client(s) which were connected remain connected until you drop the connection.
Specially if you change the ipsec shared secret in l2tp-server configuration, you have to disable and re-enable the server because the ipsec peer which uses that shared secret is created dynamically by the l2tp server.
The client and server are mikrotik. I know the ipssec password is verified during the client connection to the server, however that is what I am reporting, if I change the server’s ipsec password, even though I disconnect the client it reconnects normally. The client only stops connecting regardless of which password is in it, after the server’s ipsec peer is disabled / enabled.
OK. If you deem this behaviour a bug, report it to support@mikrotik.com. To me it was always somehow obvious that it works this way but it is a matter of personal opinion.
Anyway, thank you very much for the attention my friend, and sorry if the text was difficult to understand, is that I do not speak English there I took the google translator to be able to pass from Portuguese Brazil to English.